Excitel Broadband has no support for Port Forwarding

  • Thread starter: Deleted member 63558
  • Replies: 55
  • Views: 17,354
Ok, so this is weird. According to utorrent it has incoming connections available and the port is working correctly and is open for incoming connections. Damn have to see how it is doing it.





Anyone using Spectra feel free to answer the questions below when you get time.

1. Since there is a NAT, what happens when you try to port forward a port which is already in use by some other user?
2. Can you tell me the first three octets of your public IP?
3. How do peer-to-peer applications like utorrent behave? Do they say that you have incoming connections?
 
@achaudhary997

1. I'm inclined to think that they do one-to-one NAT for some reason, so the public IP is one-to-one mapped to the internal WAN side IP address. In that case there shouldn't be any port conflicts. Otherwise I can't think of a way this would actually work, 'cause the moment I add a destination NAT rule it just works.

2. Well, take the whole thing 😉

Code:
[root@varkey-minipc nginx]# dig +short minipc.varkey.net @8.8.8.8
minipc.varkey.info.
180.151.117.121
[root@varkey-minipc nginx]#

3. Yep, uses UPnP to set up the port-forwards, which essentially just creates the port-forwards automatically.
 
@achaudhary997 it's possible that Excitel could be doing something similar but maybe they are allowing only ports above 30k for example? Perhaps try to manually port-forward with a port above 30k and see if it works out.
 
Ok, so even Excitel is also doing something which is not as straightforward as Spectra. Somehow utorrent manages to get a hole punched through the dual NAT on the port that it randomly selects (shown in settings).


 
Nope. Manually opening a port in the router achieves nothing.

EDIT: Since utorrent seeding works in both ways, i.e. if the peer cannot connect to your IP, then your IP will initiate a connection to the peer. I checked using Wireshark and could see that it is the other peers you are initiating a connection to my machine. Therefore they can access my PC from outside.
 


So, I had a Static IP from Excitel for some hours and Port-Forwarding worked flawlessly with it.

I ran Plex on that (since Plex is the best way to test your Port-Forwarding). I was seeing movies of Full HD perfectly.

Excitel 50Mbps ---> Airtel 16Mbps. (Plex Movie Streamed)

I'm just not sure if I should ask them for the permanent as my LCO is shit. I might not even continue Excitel in coming days.
 
@achaudhary997 You mean to say that it's you who is initiating the connections to the other peers? And it is through this connection they are able to reach you?

Also, have you ever tried ZeroTier? If you don't mind, could you set it up on two devices, one on the Excitel network, the other elsewhere, and see if these devices establish direct connectivity?

You could just run the below command and see if you see an IP address against the other device's ID.

zerotier-cli listpeers

ZeroTier appears to get through NAT in various ways, would be interesting to see how it fares in case of Excitel.
 
^ I tried Zerotier, but it doesn't solve a lot of issues. It worked for the Plex but not for me where I need the real port-forwarding.
 
If you can tell your use case or give a similar example (as it appears your use case is top secret 😉 ), I will try to help. If not it doesn't go anywhere.

You are considering that port-forwarding is the only solution to your problem, there could be different ways your problem can be tackled and we can't even go through those alternatives unless you tell us exactly what you need.

And no I don't want to discuss in private.
 
Even with ZeroTier, you could pay 5 USD per month and get a DigitalOcean droplet and make it your ZeroTier relay node and then do whatever it is you want to do.

Or if the service itself can be run on a Digital Ocean droplet, even better.

So tell us the actual problem and we can solve it.
 
What I meant is that Utorrent is a sophisticated software. Say person A is seeding and person B is a client. If the client is behind a NAT there is no problem as he can still connect to the server. But if the client has a public IP and the server is behind NAT then what Utorrent does is that it will tell the server to connect to the client (as client has public IP) and then transfer data through it.
But in my case even though I am seeding and I am behind double NAT, still I was able to get incoming connections (verified using Wireshark). I don't know how Utorrent managed to punch a hole through double NAT [though possible but it is usually done via STUN/TURN servers which I did not notice in the packet capture]
 
Varkey is correct. Get some VPS and use it as an OpenVPN relay (Bangalore DigitalOcean) and use it for port forwarding. (I used it when my ISP didn't give me a public IP.) Most of the time port forwarding doesn't work on double NAT. Or use Airtel for Plex (Airtel has all ports open and the IP doesn't change unless you restart the router).
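
Added example, not part of any post in this thread: a Python sketch of the check the posts above do by hand, comparing the router's WAN-side address with the address seen from outside and with the result of an inbound test. The function names, the returned labels and the sample addresses are assumptions made up for illustration.

```python
import ipaddress

# RFC 1918 private ranges plus the RFC 6598 shared range (100.64.0.0/10)
# that ISPs commonly use on the customer side of carrier-grade NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def is_non_public(ip):
    """True if ip falls in a range that is not routed on the internet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NON_PUBLIC)


def diagnose(wan_ip, public_ip, inbound_ok):
    """Classify the path between the home router and the internet.

    wan_ip     -- address shown on the router's WAN interface
    public_ip  -- address an outside host sees for this connection
    inbound_ok -- did an outside host reach a port forwarded on the router?
    All labels returned here are hypothetical names chosen for this example.
    """
    same = ipaddress.ip_address(wan_ip) == ipaddress.ip_address(public_ip)
    if same:
        # Router holds the public address itself: a forward on it is enough,
        # so a failed test points at filtering rather than NAT.
        return "public-wan" if inbound_ok else "public-wan-filtered"
    if is_non_public(wan_ip):
        # ISP translates the WAN address. With one-to-one NAT every port of
        # the public address maps to this customer; with shared NAT it doesn't.
        return "isp-one-to-one-nat" if inbound_ok else "isp-shared-nat"
    # WAN address is public but differs from what outsiders see (VPN, proxy).
    return "egress-differs"


# Constructed sample values (documentation ranges), not taken from the thread.
SAMPLES = [
    ("203.0.113.10", "203.0.113.10", True),
    ("10.45.2.7", "203.0.113.10", True),
    ("100.64.12.9", "203.0.113.20", False),
]

if __name__ == "__main__":
    for wan, pub, ok in SAMPLES:
        print(f"{wan:>13} -> {pub:<13} inbound={ok!s:<5} {diagnose(wan, pub, ok)}")
```

A failed inbound test behind ISP NAT can also be caused by filtering, so the shared-NAT label is the likeliest reading of that case, not proof of it.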
 
True, but then for the first point, how does the torrent client tell the "server" in this case (to initiate a connection to the client ie a reverse connection) that there is a "client" looking for data from him? He can't accept incoming connections right. Perhaps that works only if the "server" is also actively downloading and he connects to you to get some data off of you and in turn you pull data from him as well.

If say for example, you, the client, are publicly reachable easily, and the list of peers are all seeders who are behind NAT and cannot be reached, would a seeder peer initiate a connection to you even though he doesn't need any data from you? If so how does he get to know? Does a seeder (behind NAT) look at the peer list and just try to connect to other peers who need data? 🤔 When I think of it, it does sound feasible.

Regarding the NAT traversal, you are right, could be some form of UDP hole punching via STUN etc. I believe ZeroTier would also be using something like that to traverse the NAT.

 
Although I am biased towards ZeroTier 'cause it's so damn easy to set up. Setting up OpenVPN when compared to setting up ZeroTier is severely complicated (not saying that it's very difficult, but ZeroTier is almost zero configuration).

And the latency to Digital Ocean Bangalore is really great which makes it the cheapest option if you want something like this in India.
 